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MEMORANDUM FOR: CIA Meaber of the USIB Computer Security Subcommittee 


SUBJECT 

REFERENCE 


Guidance for the Security Analysis, Test and Evalu- 
ation of Resource- Sharing Computer Systems 

Your memo for the Information Processing Coordi- 
nator/DDS dtd 13 November 1970; same subject 


1. The deadline you established for comments about the draft 
guidance was too short to permit a very careful or thorough consi- 
deration of the proposal, A hasty review leads to the conclusion 
that the proposal is totally impractical. The time, cost, and rela- 
tive lack of resources required to analyze, test, and evaluate all 
user programs v^uld cause computer systems to founder from the weight 
of their oxm overhead. I wonder whether any effort has been made to 
assess the magnitude of the task that would be Involved, how long it 
would take how many people to do it at what cost, and evaluate that 
in terms of the risk of not doing it in order to get some notion of 
its worth. Perhaps a more practical and direct approach would be 
stoply to take particular care to guarantee the reliability, in the 
personnel security sense, of systems programmers. 

2. There is a statement in paragraph III that the ’‘security 
analysis, test and evaluation should be conducted when the system is 
operating...." There is nothing to say what happens if the systems 
fall to pass the test and evaluation, but presumably it means that 
they wJuld have to be redesigned and reprogrananed . I have no way of 
guessing how many existing programs or programs yet to be developed 
would pass the test but the failure of any of them resulting in a need 
to start over again would impose an unbearable burden on the systems 
people and cause the alienation of users and managers at all levels 

of the organization. 

3. The scope of the paper says that the guidance applies "to 
all community intelligence functions using resource-sharing computer 
systems support for which special handling controls have been esta- 
blished." The use of the word "all" presumably applies whether the 
systems function in a totally intra-agency environment or an inter- 
agency exchange. Perhaps this requires some clarification. 
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4. The etatment of the scope says the guidance applies to 
the intelligence functions for which special handling contro s 
Len established. ’’Special handling" 

"intelligence functions" presumably do not include functions wl 
which we are primarily concerned in the Support that^ 

established special handling controls for many of our systms that 
deal with Security, Personnel, Financial, and ®"^setary infomation 
which are extremely sensitive but are not Intelligence functions an 
do not fall within any codeword system. I interpret the language n 
the TtJLent of .cope to »e.o, therefote. that the ^Idance proposal 
would not apply to systems in the Support Directorate. This is the 
interpretation I would prefer and I would appreciate confirmation 
that the Guidance does not apply to Support functions. 

5 The word "should" is used throughout the paper with never 
a specification of who "should", and there is nothing tp ^y the 

consequences will be if all of those things which should be done 
arc not. The paper says that systems should be accredited but we do 

^ot So; wS is LthorLed to do the accrediting, fniritive 

the effort to analyze, test, and evaluate systems should be a positive 
ofnegatlve recommLdkion for accreditation but there is no way of 
knowing to whom the recommendations are to be submitted. 

6. The editorial style of the paper Is troublesome throughout. 

One example from page 2 j "A, Security Analysi s - This process will 
encompass the accumulation of all f 

for nrovldine security protection of information.... Perhaps cn 
problS; ir^lf-evIdeL; but uhat 1 . . coneptu.! .pproach! How dues 
Le accumulate conceptual approaches? How does a process encompass 
the accumulation? 

7. Pages 8 through 11 discussing security testing seem, in a 
hasty review, to be almost exactly duplicative of pages 2 <:hrough 7 
^^oJlSlrs^curity analysis. I should think that a careful editorial 
review would make it possible to Improve the organization of t e paper 
significantly and shorten it appreciably. 
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